Conficker - A Big Threat to Business and Home Computer Networks

As per the Conficker Working Group (set up to fight against the Conficker worm), the worm still presents a threat and businesses should remain aware of two exploits that could be introduced into their IT systems.

Conficker first made appearance in October 2008 and the infection spread to both the business and home networks. In fact, the networks of large multinational companies could not remain unaffected from the infection. Nobody could exactly point out the magnitude of the infection, but the estimation hint towards millions of personal computers.

The worm employs different techniques to thwart the security companies' attempt of detecting it. It directs huge traffic flow towards the company's network once it penetrated into the system. According to IT security sources, some government systems and multinationals were understood to have been infected by the worm in 2009.

Rodney Joffe, Director of the Conficker Working Group, said that Conficker usually deactivated the functionality of automatic updates the Microsoft Windows operating system and turn off traditional antivirus but some business organizations were aware of this feature of Conficker, as reported by ComputerWeekly on June 14, 2010.

Cyber criminals can easily recognize the Conficker-infected IP addresses and the date of infection. The information would enable cyber criminals to know the exploits of these IP addresses. These IP addresses are likely to be vulnerable since they could not receive Microsoft security updates from the infection date. Besides, there is a strong possibility that all AV systems are disabled, said Rodney Joffe.

After the identification of potential vulnerable IP address, cyber criminals could employ reverse mapping technology to trace the organization to which that IP address belongs. Criminals can also use the IP address as a platform for launching more attacks on other machines behind organization's firewall.

The security experts have said that the absence of big attacks linked to Conficker since April 2009 gives an impression of nothing is happening, but the complacent attitude could be very dangerous. Hence, business organizations and home users are advised that they should patch the vulnerabilities exploited by Conficker.

Apart from this, organizations should take necessary measures outside their normal protocol to ensure that they easily update their systems are updated with Microsoft patches. Since the patching of vulnerabilities on a macro scale in almost impossible, organization should implement other proactive measures to prevent themselves from such kind of vulnerabilities.

Related article: Conviction of First Felony Spam in Virginia Upheld

» SPAMfighter News - 6/22/2010